Privacy Policy for “Rheumatic?”

Last updated on 2022-10-04

Here at Elsa Science AB ("Elsa" or "we"), we respect your privacy and undertake to protect your personal data in accordance with the General Data Protection Regulation ("GDPR") and all other applicable privacy legislation.

The privacy policy is aimed at users of the service “Rheumatic?” (“service” or “Rheumatic?”) that Elsa provides through our website rheumatic.elsa.science (“website”). Elsa is the data controller for the processing of all personal data that you submit when using Elsa’s service via the website. For a more detailed description of our service, please refer to our terms of service.

We promise that Elsa will never sell, transfer or otherwise make your personal data available to a third party without your express consent or in any manner which is not expressly stated in this privacy policy. If you feel that anything is unclear or if you have any objections to the way in which we process your personal data, please feel free to contact our data protection officer via email at DPO@elsa.science.

1. CONTACT DETAILS FOR THE PERSONAL DATA CONTROLLER

Elsa Science AB

Company Reg No. 559105-5479

Luntmakargatan 26

111 37 Stockholm

Email: hello@elsa.science

Data protection officer: Sally Robertson

Email: DPO@elsa.science

2. WHAT INFORMATION DO WE COLLECT ABOUT YOU?

When you use the service, certain pieces of information will be collected automatically, such as information about your language settings and information about your identification and operating system, as well as other items of technical information concerning your device. We may also use cookies and similar technologies in order to collect such data. More information about the use of cookies can be found in section eight below.

Your test answers are only processed locally in your web browser and are stored in the url of the resultpage so you can revisit your test result whenever you want, by saving the web address. Your data will not be processed on an external server.

3. THE PURPOSE AND LEGAL BASIS FOR DATA PROCESSING

Development of the service

Elsa analyses your use of the service in order to improve the service for users and to develop new products and services. Such processing is only undertaken if a balancing test indicates that Elsa’s interest in developing and improving the service and new products outweighs the data subject’s interest in protecting their data.

4. RECIPIENTS OF YOUR PERSONAL DATA

In order for us to operate Elsa in the best possible way, we need to share your personal data with external service providers so that they can perform certain tasks on our behalf. These service providers process user data and help us to deliver the service, and they do this in accordance with the present privacy policy and the specific purposes that are described in section three above. Service providers that we work with are Amazon Web Services (only if you choose to use the feature “print to PDF”) and , Google Analytics(data about how the service is used). If a third party processes personal data on our behalf (e.g. Amazon or Google), they are bound by data processing agreements and by security and confidentiality requirements which conform with GDPR and applicable privacy legislation. Note that we are responsible at all times for your personal data and other information — and that no third-party service can acquire any additional rights other than the ones provided for by the present privacy policy.

5. DATA TRANSFERS TO THIRD COUNTRIES OUTSIDE OF THE EU/EEA

Elsa endeavours to always process your personal data within the EU/EEA. In cases where your personal data is transferred outside of the EU/EEA and to a country that is not considered to offer an adequate level of protection, we will take appropriate security measures before any such transfer is commenced. Examples of such security measures can include the EU Commission’s standard clauses.

6. YOUR RIGHTS

The personal data that Elsa processes about you must be correct. Should it come to light that your data is incomplete or incorrect, you are entitled at any time to request that it be corrected or supplemented. You are also entitled, in certain circumstances, to: i) request that your personal data be deleted, ii) request that processing of your personal data be restricted, iii) object to the processing of your personal data, which includes requesting that it not be processed or used for direct marketing or analytical purposes (even profiling to the extent this is connected to direct marketing) and iv) request that your personal data be transferred to you or to another person in an electronic format.

You are also entitled at any time to request information regarding what personal data Elsa processes on you in its capacity as data controller, and this information shall generally be provided free of charge. Send your request to the email address given in the contact information section of this privacy policy. Register extracts containing details of your personal data are normally sent out within one month of being requested.

If you object to our data processing, then Elsa will no longer be permitted to process your personal data, unless we have a legal basis for processing other than a balancing of interests or unless we can demonstrate overriding legitimate grounds which outweigh the interests, rights or freedoms of the data subject, or if the processing is undertaken for the purpose of determining, practising or defending legal claims. If your objection relates to processing that is undertaken for purposes of direct marketing, then Elsa will no longer be entitled to process your data for this purpose (unless we have a legal basis for processing other than a balancing of interests).

If you have any questions about how Elsa processes your personal data or if you would like to exercise any of the rights described above, please feel free to get in touch with Elsa (see contact details above).

7. YOU CAN WITHDRAW YOUR CONSENT AT ANY TIME

If you have given us consent to process your personal data, you can withdraw your consent at any time (without this affecting the legality of any data processing undertaken before your consent was withdrawn). In such a case, Elsa will no longer be entitled to continue with the data processing in question (unless there is another legal basis for processing). If you would like to withdraw your consent, we ask that you contact us via the contact details given in this privacy policy. Please indicate to what extent you wish to withdraw your consent – i.e. whether you want to withdraw consent for all data processing or only certain kinds.


8. COOKIES, BEACONS AND SIMILAR TECHNOLOGIES

We collect information using technologies such as cookies, beacons and local storage (i.e. on your web browser or device). Within this privacy policy, we use the term ‘cookies’ to refer to all technology, including data and text, that we store on your web browser or device.

What is a cookie?

A cookie is a small text file that is stored on your computer, smartphone or other device whenever you visit a website. Among other things, cookies can help us to recognise you the next time you visit our website, and they also enable us to offer you a more secure and operationally stable service.

Elsa uses the following cookies:

Functional cookies

We use functional cookies in order to enable certain functions within the service and to remember your choices and settings whenever you use the service again.

Analytical cookies

We use analytical cookies to measure demand for our product, to study how it is used and to collect data on how it functions when in operation. The information that we collect is then used to maintain and improve the service.

Third party cookies

We may also allow our partners to use cookies within our services for the same purposes that are described above. Third party suppliers may also use cookies on our behalf in accordance with the purposes that are described above. We use cookies from Google Analytics to analyse how the service is used.

Most web browsers allow the user to decide how cookies should be managed. You can set your web browser to reject cookies or to remove certain types of cookies. If you decide to block cookies, certain functions within the service may become impaired or removed completely as they require the use of cookies to work. You can find more general information about cookies on the website of the Swedish Post and Telecom Authority (www.pts.se) or the Dutch equivalent https://www.autoriteitpersoonsgegevens.nl/nl/onderwerpen/internet-telefoon-tv-en-post/cookies.

9. CONTACT DATA PROTECTION OFFICER

If you have any questions about our processing of your personal data, this privacy policy or what other factors apply to the protection of your privacy, or if you would like to exercise any of your rights, please contact us at: DPO@elsa.science or Elsa Science AB, Västmannagtan 4, 111 24, Stockholm.


10. THE RIGHT TO LODGE A COMPLAINT

If you believe that our processing of your personal data is in breach of the GDPR or applicable privacy legislation, you can lodge a complaint with the relevant supervisory authority. In Sweden, this authority is the Swedish Data Protection Authority (Datainspektionen) and their website is: www.datainspektionen.se.

11. NOTIFICATION OF AMENDMENTS

We may make amendments to this privacy policy. Such modification will be effective immediately upon being posted on the website. We will make note of the date of our last update to the Agreement on the first paget of this Agreement. You are responsible for reviewing these terms and conditions regularly. Your continued use of the Service after such modifications will be deemed to be Your conclusive acceptance of all modifications to this Agreement. If You are dissatisfied as a result of such modification(s), Your only recourse is to immediately discontinue use of the Service.